105 matches found

OSSF Malicious Packages
added 2026/06/11 12:30 p.m., 7 views

Malicious code in @tt-aem-tt4a/shared-components (npm)

Source: ossf-package-analysis 817c1920ad6f83b25d8fd32b77999376a6ad3b5448e93e7b0b66cce72ec4dac0 The OpenSSF Package Analysis project identified '@tt-aem-tt4a/shared-components' @ 10.0.0 npm as malicious. It is considered malicious because: ...

5.4 AI score
Exploits: 0

Cvelist
added 2026/05/19 9:23 a.m., 39 views

CVE-2026-46723 Information Disclosure in extension "Faceted Search" (ke_search)

The additionaltables configuration of the page and tt_content indexers accepts arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the search index...

5.9 CVSS, 0.00318 EPSS
Exploits: 0, References: 1

Friends Of PHP
added 2026/05/18 3:13 p.m., 5 views

TYPO3-EXT-SA-2026-012: SQL Injection in extension "Address List" (tt_address)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-012...

8.2 CVSS, 5.8 AI score, 0.00327 EPSS
Exploits: 0, Affected Software: 1

Cvelist
added 2026/04/24 2:45 p.m., 27 views

CVE-2026-31659 batman-adv: reject oversized global TT response buffers

In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers batadv_tt_prepare_tvlv_global_data() builds the allocation length for a global TT response in 16-bit temporaries. When a remote originator advertises a large enough global TT, the ...

9.8 CVSS, 0.00399 EPSS
Exploits: 0, References: 8

CVE
added 2026/04/24 2:45 p.m., 22 views

CVE-2026-31659

The CVE-2026-31659 issue affects the batman-adv component in the Linux kernel. batadv_tt_prepare_tvlv_global_data() computes a 16‑bit allocation length for a global TT response; if a remote originator advertises a large TT, the TT payload length plus VLAN offset can exceed 65,535 and wrap before ...

9.8 CVSS, 5.5 AI score, 0.00399 EPSS
Exploits: 0, References: 8, Affected Software: 1

Positive Technologies
added 2026/04/24 12:00 a.m., 5 views

PT-2026-35011

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: An issue exists in the batman-adv module where the batadv_tt_prepare_tvlv_global_data function calculates the allocation length for a global TT response using 16-bit temporaries. If a...

9.8 CVSS, 5.8 AI score, 0.00399 EPSS
Exploits: 0, References: 19

CVE
added 2026/03/21 3:27 a.m., 8 views

CVE-2026-3997

The CVE-2026-3997 entry describes a Stored Cross-Site Scripting vulnerability in the WordPress Text Toggle plugin (versions up to 1.1). The flaw is in avp_texttoggle_part_shortcode(): the ‘title’ shortcode attribute is taken from user input and concatenated into HTML output without escaping, both...

6.4 CVSS, 6 AI score, 0.00248 EPSS
Exploits: 0, References: 9

OSV
added 2026/03/15 5:55 a.m., 5 views

OESA-2026-1576 freetype security update

FreeType is written in C, designed to be small, efficient, highly customizable, and portable while capable of producing high-quality output glyph images of most vector and bitmap font formats. Security Fixes: An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in...

5.3 CVSS, 5.8 AI score, 0.00141 EPSS
Exploits: 0, References: 2

Snyk
added 2026/01/28 4:33 p.m., 4 views

Malicious Package

Overview cml-tt-sets is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2

OSV
added 2025/12/16 2:52 p.m., 8 views

USN-7938-1 linux-azure-5.15 vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

7.8 CVSS, 6.5 AI score, 0.0037 EPSS
Exploits: 3, References: 188

NVD
added 2025/11/12 11:15 a.m., 5 views

CVE-2025-40155

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: debugfs: Fix legacy mode page table dump logic In legacy mode, SSPTPTR is ignored if TT is not 00b or 01b. SSPTPTR may be uninitialized or zero in that case and may cause oops like: Oops: general protection fault,...

0.00192 EPSS
Exploits: 0, References: 3

OSV
added 2025/11/12 11:15 a.m., 4 views

UBUNTU-CVE-2025-40155

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: debugfs: Fix legacy mode page table dump logic In legacy mode, SSPTPTR is ignored if TT is not 00b or 01b. SSPTPTR may be uninitialized or zero in that case and may cause oops like: Oops: general protection fault,...

5.7 AI score, 0.00192 EPSS
Exploits: 0, References: 21

CVE
added 2025/11/12 10:23 a.m., 15 views

CVE-2025-40155

The CVE-2025-40155 issue is in the Linux kernel iommu/vt-d: debugfs legacy mode page table dump logic. In legacy mode, SSPTPTR may be ignored when TT is not 00b or 01b, leaving SSPTPTR uninitialized/zero and risking an oops like a general protection fault. The publicly provided fixes add a guard ...

5.8 AI score, 0.00192 EPSS
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2009-4696

Malware in sbrugna...

6.8 CVSS, 6.4 AI score, 0.0095 EPSS
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2024-34791

Malicious code in bioql PyPI...

5.9 CVSS, 6.4 AI score, 0.00446 EPSS
Exploits: 0, References: 1

SUSE CVE
added 2025/09/18 11:38 p.m., 2 views

SUSE CVE-2023-53371

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create The memory pointed to by the fs-any pointer is not freed in the error path of mlx5e_fs_tt_redirect_any_create, which can lead to a memory leak. Fix by freeing the memory in the...

5.5 CVSS, 6.4 AI score, 0.00143 EPSS
Exploits: 0, References: 17

Tenable Nessus
added 2025/08/27 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-45927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf. CVE-2023-45927 Note that Nessus relies on the presence of the package...

9.1 CVSS, 7.3 AI score, 0.00844 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2025/08/27 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-11743

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service mrb_hash_key...

9.8 CVSS, 7.4 AI score, 0.02203 EPSS
Exploits: 1, References: 2

Positive Technologies
added 2025/08/18 12:00 a.m., 2 views

PT-2025-46630

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.16.0 191. Description: The Linux kernel contains a flaw within the iommu/vt-d subsystem related to debugfs and legacy mode page table dump logic. In legacy mode, the SSPTPTR is not properly checked, potentially...

4.6 CVSS, 5.3 AI score, 0.00192 EPSS
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 3 views

Malicious code in asd-tt (npm)

The package asd-tt was found to contain malicious code...

7 AI score
Exploits: 0